Someone contacted me on Steam and asked if I wanted to play TF2 with him. It was one of my most played games at the time and I had a TF2 avatar, so no surprises here.
That person later asked me to rate their TF2 team on some website. Didn’t care first but did it eventually. The website needed Steam auth but just faked the Steam auth and relayed every bit of information you entered to steal your account.
Quickly realized my mistake and reset my password before anything happened. Im still surprised how much effort went into this fake rating site just to steal some Steam accounts.
Something similar to this happened to me but I think it was for CSGO. The steam sign in page was a fake popup window inside the main website, draggable and all. I realized it was fake when I noticed it was light theme while my computer was dark theme.
Edit: I realized it was fake before I signed in, luckily
A buddy of mine got her Discord account hacked by someone doing this. They gave her another Discord user who was playing as an employee. To "prove" the account was hers she had to change the validated email to something they sent. She mentioned something about it and then I and another person in IT started freaking out.
All in all it was fine and she got her account back. I think she was just embarrassed. I think it's the first time she's ever had someone try to do something like that. Me and the other person who caught it were trying to reassure her that we noticed it because we've had to do so many IT trainings and phishing tests over the years.for work.
yeah, the second they said something about reporting me by accident and steam banning my IP I knew it was a scammer. Although I suspected it before, as I never had a random person message in in 20 years of using steam.
I had hoped to lure the scammer a little bit further and figure out what they wanted to do, but I got too excited and scared them. very sad
They were almost certainly going to tell you that if you didn't act then both of you would get banned then direct you to a fake Steam employee or fake website. It's interesting they randomly messaged you. Normally this relies on being done to friends.
I have basically the same story, except it was one of my actual friends on Steam asking me to rate their CS:GO team. I fell for it since I was trying to be nice, and luckily changed my password before they could turn around and use my account for the same thing.
I haven't changed my Steam password since I got an account many, many, many years ago. No idea what it is anymore—something really short and basic—but other people do. I get two-factor hits all the time 🤣